The Computer Fraud and Abuse Act (“CFAA”) was originally passed as a means to prosecute hackers. In recent years, many employers have utilized the CFAA as a tool to combat employee data theft, destruction and/or deletion of data, including emails, documents, presentations, contact lists and a wide-range of other information that can be stored electronically. In Maryland, an employer’s ability to use the CFAA against former employees has been greatly reduced. The CFAA prohibits a person from, “access[ing] a protected computer without authorization or [from] exceed[ing] authorized access . . . .” Previously employers have used the CFAA to sue former employees who took information from the employer’s computers without permission. The theory was, taking the information off the employer’s computers, with the intent to harm the employer or use the information for personal gain, qualified as exceeding authorized access. However, in WEC Carolina Energy Solutions LLC v. Miller, the Fourth Circuit Court of Appeals, which includes Maryland, ruled that an employee who accesses an employer’s computers, with an employer provided username and password, has not violated the CFAA. While the narrower interpretation limits the applicability of the CFAA, employees still have to be careful. Some states may have their own laws on this subject. In addition, an employee could still be sued under state tort common law claims, as well as for breach of contract if the employee has entered into a written agreement with the employer. Lebau & Neuworth attorneys have experience in defending against CFAA claims. Contact us if needed. However, the best advice is just don’t do put yourself in a position where you may have to defend against such claims.
